This project is read-only.

Cookies or Session?

May 1, 2011 at 4:00 PM
Edited May 1, 2011 at 11:39 PM

First off, Jon, thanks for the amazing tutorial.  This has been a great experience so far!

I have a question:  In the ShoppingCart class (section 8 of tutorial), you explicitly say we're going to use session, but that it's bad (and I concur).  Like most developers who work on production systems, session is simply not an option for me.  So as I was looking at adapting this model to use cookies, I noticed this in your code comments:



        // We're using HttpContextBase to allow access to cookies.
        public string GetCartId(HttpContextBase context)
            if (context.Session[CartSessionKey] == null)
                    // Send tempCartId back to client as a cookie
                    context.Session[CartSessionKey] = tempCartId.ToString();


So, am I missing something?  Is the manner in which you're using session somehow using cookies?  Is this load-balancer safe?  

I guess I'm just confused.  I haven't used session since the ASP days, and based on your comments I'm wondering if I'm confused about the implementation.

Thanks in advance,


May 11, 2011 at 9:22 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
May 11, 2011 at 9:31 PM

You're right - It looks like that comment is inaccurate - we're just saving to Session. It shouldn't be a big deal to change this to use cookies, although I haven't tested that. We'd replace context.Session[CartSessionKey] with context.Response.Cookies[CartSessionKey] and context.Response.Cookies[CartSessionKey].

Remember to check the AccountController, since it also deals with anonymous carts. If you search for CartSessionKey, you should find all references pretty easily.